diff --git a/library/bignum.c b/library/bignum.c
index d1874031c274..3acc4b9b4ae6 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2405,6 +2405,8 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B
 
 /* Fill X with n_bytes random bytes.
  * X must already have room for those bytes.
+ * The ordering of the bytes returned from the RNG is suitable for
+ * deterministic ECDSA (see RFC 6979 §3.3 and mbedtls_mpi_random()).
  * The size and sign of X are unchanged.
  * n_bytes must not be 0.
  */